Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/finders/personal_access_tokens_finder.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/finders/personal_access_tokens_finder.rb')
-rw-r--r--app/finders/personal_access_tokens_finder.rb13
1 files changed, 12 insertions, 1 deletions
diff --git a/app/finders/personal_access_tokens_finder.rb b/app/finders/personal_access_tokens_finder.rb
index e3d5f2ae8de..93f8c520b63 100644
--- a/app/finders/personal_access_tokens_finder.rb
+++ b/app/finders/personal_access_tokens_finder.rb
@@ -5,12 +5,14 @@ class PersonalAccessTokensFinder
delegate :build, :find, :find_by_id, :find_by_token, to: :execute
- def initialize(params = {})
+ def initialize(params = {}, current_user = nil)
@params = params
+ @current_user = current_user
end
def execute
tokens = PersonalAccessToken.all
+ tokens = by_current_user(tokens)
tokens = by_user(tokens)
tokens = by_impersonation(tokens)
tokens = by_state(tokens)
@@ -20,6 +22,15 @@ class PersonalAccessTokensFinder
private
+ attr_reader :current_user
+
+ def by_current_user(tokens)
+ return tokens if current_user.nil? || current_user.admin?
+ return PersonalAccessToken.none unless Ability.allowed?(current_user, :read_user_personal_access_tokens, params[:user])
+
+ tokens
+ end
+
def by_user(tokens)
return tokens unless @params[:user]
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-19 07:22:01 +0300